1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
--TEST--
PostgreSQL pg_insert() - test for CVE-2015-1532
--EXTENSIONS--
pgsql
--SKIPIF--
<?php include("inc/skipif.inc"); ?>
--FILE--
<?php
include('inc/config.inc');
$conn = pg_connect($conn_str);
foreach (array('', '.', '..') as $table) {
try {
var_dump(pg_insert($conn, $table, array('id' => 1, 'id2' => 1)));
} catch (\ValueError $e) {
echo $e->getMessage() . \PHP_EOL;
}
}
?>
Done
--EXPECTF--
pg_insert(): Argument #2 ($table_name) must not be empty
pg_insert(): Argument #2 ($table_name) must be specified (.)
pg_insert(): Argument #2 ($table_name) must be specified (..)
Done
|
